The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has additional a critical security flaw in Citrix ShareFile storage zones controller to its Acknowledged Exploited Vulnerabilities (KEV) catalog, based on proof of lively in-the-wild exploitation.
Tracked as CVE-2023-24489 (CVSS rating: 9.8), the shortcoming has been described as an improper accessibility control bug that, if properly exploited, could let an unauthenticated attacker to compromise susceptible scenarios remotely.
The difficulty is rooted in ShareFile’s managing of cryptographic functions, enabling adversaries to add arbitrary data files, resulting in distant code execution.
“This vulnerability influences all at the moment supported versions of purchaser-managed ShareFile storage zones controller in advance of version 5.11.24,” Citrix stated in an advisory introduced in June. Dylan Pindur of Assetnote has been credited with discovering and reporting the issue.
It really is well worth noting that the very first symptoms of exploitation of the vulnerability emerged towards the end of July 2023.
The id of the risk actors powering the attacks is unknown, despite the fact that the Cl0p ransomware gang has taken a individual fascination in having benefit of zero-days in managed file transfer options this kind of as Accellion FTA, SolarWinds Serv-U, GoAnywhere MFT, and Progress MOVEit Transfer in recent years.
Risk intelligence firm GreyNoise said it noticed a considerable spike in exploitation tries focusing on the flaw, with as numerous as 75 exclusive IP addresses recorded on August 15, 2023, by itself.
“CVE-2023-24489 is a cryptographic bug in Citrix ShareFile’s Storage Zones Controller, a .NET web application jogging less than IIS,” GreyNoise reported.
“The application employs AES encryption with CBC method and PKCS7 padding but does not properly validate decrypted data. This oversight lets attackers to crank out valid padding and execute their attack, top to unauthenticated arbitrary file upload and distant code execution.”
Federal Civilian Executive Branch (FCEB) organizations have been mandated to apply vendor-presented fixes to remediate the vulnerability by September 6, 2023.
The improvement will come as security alarms have been lifted about energetic exploitation of CVE-2023-3519, a critical vulnerability influencing Citrix’s NetScaler product, to deploy PHP web shells on compromised appliances and attain persistent accessibility.
Identified this report exciting? Stick to us on Twitter and LinkedIn to go through more exclusive content we article.
Some areas of this post are sourced from: